[Snort-users] 127.0.0.1

Edin Dizdarevic edin.dizdarevic at ...7509...
Thu Apr 1 01:05:02 EST 2004


Hi Snort Man!

First of all, read the old postings about this, since there are many.
(This had to be said, sorry...)

Second:
You have provided far too less information:
- Your OS
- Your configuration vars
- Your command line
- Your network environment

Third:
This could be a combination of two configuration errors you possibly may
have done:

1. You have defined your HOME_NET and EXTERNAL_NET to "any"
2. You're running snort with "-i any" (on Linux)

Connecting to your local webserver may under these circumstances trigger
those alerts. Check that. Also remember: Both things are tendentially
bad workarounds, try to avoid them.

Fourth:
You're getting some spoofed packets from the "outside". Check your
packet filters and keep an eye on it. Nothing unusual nowadays.

Fifth:
For the loopback stuff check R.W. Stevens.

Regards,
Edin


Snort Man schrieb:

> Dear All I am new to this snort thing. I installed snort and 70% of 
> the traffice is as follows.. loopback address port 80 is sending 
> requests to internal and external addresses. can anybody please 
> explaing what is this ??

-- 
Edin Dizdarevic




More information about the Snort-users mailing list